v4 (beta) is not able to correctly consume secrets

[ssbarnea]

Based on many attempts to make v4 beta to successfully upload, I start to believe that is not usable at all, especially as doing a search on https://sourcegraph.com/search did not uncover any repository that uses environment secreata (aka environment: envname) and also this action.

References: https://github.com/ansible/ansible-lint/pull/3764/files

It should also be notes that current instructions regarding passing secrets seem to not be in sync with official github recommendations for passing htem to reusable actions, see https://docs.github.com/en/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow

If you look at the two examples, they do look very different than the example currently suggested. Based on what they wrote there, passing secrets within with: is not safe.

I would really appreciate a link to one repository that is correctly configured to upload coverage using v4, one that has secrets inside an environment and not inside "repository level secrets", which are discouraged by quite a few years as being unsafe.

[thomasrockhu-codecov]

@ssbarnea thanks for bringing this up, let me take a look as we were using env: as the method of using secrets like so

[thomasrockhu-codecov]

@ssbarnea I think there is a discrepancy here, as this action is not a workflow and the doc linked is for reusable workflows. I think using env is valid given their docs here