Temporarily disabled releases for DCD, D-Scanner, dfmt
Basile B.
b2.temp at gmx.com
Wed May 5 14:23:03 UTC 2021
On Wednesday, 5 May 2021 at 12:39:47 UTC, Basile B. wrote:
> On Wednesday, 5 May 2021 at 12:26:52 UTC, WebFreak001 wrote:
>> CodeCov was compromised and used in some dlang-community
>> repositories with the same GitHub access token for travis to
>> upload releases. GitHub sent me a mail that the access token
>> was potentially compromised and had suspicious behavior.
>>
>> I have disabled the GitHub access token that is used for
>> dlang-community releases, but it seems like I cannot access
>> the travis settings to manage secrets anymore. (or can't find
>> them)
>>
>> So currently the release scripts will be broken. Anyone with
>> access to the secrets on Travis who can put in new access
>> tokens?
>>
>> It used to be tokens by Basile who has quit GitHub before,
>
> No this kind of stuff (CI, devop,...) were always managed by
> Seb. Eventually maybe the owner of the tokens would be
> HackerPilot ?
I remember now. I've deleted the ones setup by Seb by error. Then
automatic releases were broken. Then the ones I regenerated did
not work because I missed some info to link to the release bot,
probably only Seb could do that. So those tokens were not able to
do anything anyway. You should test if the new ones are able to
upload, let's say by pushing a tag somewhere.
You should find a trace of this, in the community discussion of
dlang-community.
More information about the Digitalmars-d
mailing list