Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Suggestion: allow open source projects not to need an API key #94

Closed
samboylett opened this issue Jul 14, 2018 · 4 comments
Closed

Suggestion: allow open source projects not to need an API key #94

samboylett opened this issue Jul 14, 2018 · 4 comments

Comments

@samboylett
Copy link

Hi, I've been using stryker a lot and I've been adding the badges to every readme, it's great and encourages people to write good tests in there PRs!

I have a suggestion/feature request, for the codecov badge I don't need to set a key on travis-ci for any open source projects

Would it be possible to add a feature like this to the stryker dashboard?

Thanks! 😄

@ptoonen
Copy link
Member

ptoonen commented Jul 18, 2018

Hi Sam,

good to hear that you like the badge! I'm not sure whether I understand your question correctly, but it seems that you want to update the mutation score without an API key?

I'm not sure that's a good idea because the API key is what prevents random people from (accidentally) updating the mutation score. Although it is technically possible to drop it, we feel like it would make the score less reliable. @nicojs what do you think?

Peter

@nicojs
Copy link
Member

nicojs commented Oct 14, 2019

Maybe we could do this, yet still allow people to configure an API key. If the key is configured, we don't allow uploads without an API key. If there is no API key we allow anonymous access.

@mthmulders
Copy link
Collaborator

I'm curious how CodeCov prevents the whole world of submitting code coverage metrics? I think that one way or another, you'd want some kind of verification that the mutation testing metrics displayed in the badge are valid: i.e., submitted by a process that is controlled by the project maintainer(s).

@theofidry
Copy link

If you allow no keys then you allow anyone to upload a report and potentially completely mess up your project reports.

Why is the key an issue? It's easy to get and allow some level of protection by inserting it as an encrypted environment variable in your build

@rouke-broersma rouke-broersma closed this as not planned Won't fix, can't repro, duplicate, stale Jun 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants