mirror of
https://github.com/kopia/kopia.git
synced 2026-01-25 06:48:48 -05:00
922bc7cbc8
This strengthens credential handling after our signing keys may have been leaked in the [codecov.io breach](https://about.codecov.io/security-update/) * pass only minimal credentials to each build step to avoid exposing sensitive tokens to tools that don't need them (like code coverage) * removed encrypted credential files and replaced with environment-based * allow full ci/cd including publishing artifacts from forks * regenerated all passwords, tokens and service accounts * do not install Google Cloud SDK on GHA - it's already there * moved RPM signing to 'Stage And Publish Artifacts' phase * generated new GPG signing key See https://kopia.discourse.group/t/important-impact-of-codecov-io-security-issue-on-kopia-build-pipeline/377