Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem: persist-credentials might leak github token unintentionally #1090

Merged
merged 3 commits into from
Oct 30, 2024
Merged

Problem: persist-credentials might leak github token unintentionally #1090

merged 3 commits into from
Oct 30, 2024

Conversation

yihuang
Copy link
Collaborator

@yihuang yihuang commented Oct 16, 2024

Solution:

  • try persist-credentials: false

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

  • Have you read the CONTRIBUTING.md?
  • Does your PR follow the C4 patch requirements?
  • Have you rebased your work on top of the latest master?
  • Have you checked your code compiles? (make)
  • Have you included tests for any non-trivial functionality?
  • Have you checked your code passes the unit tests? (make test)
  • Have you checked your code formatting is correct? (go fmt)
  • Have you checked your basic code style is fine? (golangci-lint run)
  • If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
  • If your changes affect the client infrastructure, have you run the integration test?
  • If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
  • If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
  • If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

@codecov Codecov
Copy link

codecov bot commented Oct 16, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 31.72%. Comparing base (e92dda1) to head (b433fea).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1090      +/-   ##
==========================================
- Coverage   34.23%   31.72%   -2.51%     
==========================================
  Files          93       93              
  Lines       14151    17020    +2869     
==========================================
+ Hits         4844     5400     +556     
- Misses       8365    10678    +2313     
  Partials      942      942
Flag Coverage Δ
integration_tests 23.88% <ø> (-1.82%) ⬇️
integration_tests_byzantine 10.95% <ø> (-0.30%) ⬇️
integration_tests_gov 11.19% <ø> (-0.32%) ⬇️
integration_tests_grpc 11.19% <ø> (-0.32%) ⬇️
integration_tests_ibc 25.66% <ø> (-1.78%) ⬇️
integration_tests_ledger 11.18% <ø> (-0.32%) ⬇️
integration_tests_slow 11.18% <ø> (-0.32%) ⬇️
integration_tests_solomachine 10.98% <ø> (-0.30%) ⬇️
integration_tests_upgrade 11.19% <ø> (-0.32%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@yihuang yihuang mentioned this pull request Oct 16, 2024
Merged
13 tasks
@yihuang yihuang marked this pull request as ready for review October 30, 2024 02:30
@yihuang yihuang requested a review from a team as a code owner October 30, 2024 02:30
@yihuang yihuang requested a review from mmsqe October 30, 2024 02:31
@yihuang yihuang added this pull request to the merge queue Oct 30, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 30, 2024
@mmsqe mmsqe added this pull request to the merge queue Oct 30, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 30, 2024
@yihuang yihuang added this pull request to the merge queue Oct 30, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 30, 2024
@mmsqe mmsqe enabled auto-merge October 30, 2024 04:51
@mmsqe mmsqe added this pull request to the merge queue Oct 30, 2024
Merged via the queue into crypto-org-chain:master with commit c23a527 Oct 30, 2024
29 of 32 checks passed
@yihuang yihuang deleted the no-persist-credentials branch October 30, 2024 05:54
mmsqe added a commit to mmsqe/chain-main that referenced this pull request Dec 18, 2024
@yihuang @mmsqe
Problem: persist-credentials might leak github token unintentionally (c…
c656e8f 
…rypto-org-chain#1090)

* Problem: persist-credentials might leak github token unintentionally

Solution:
- try persist-credentials: false

* refresh

---------

Signed-off-by: yihuang <[email protected]>
Co-authored-by: mmsqe <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmsqe mmsqe mmsqe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yihuang @mmsqe