Secrets¶
Required and optional secrets for Go Gamma Actions.
Available Secrets¶
| Secret | Required | Used By | Description |
|---|---|---|---|
CODECOV_TOKEN | No | test, ci | Codecov upload token |
CODECOV_TOKEN¶
What It Does¶
Authenticates coverage uploads to Codecov.
When Required¶
- Required for private repositories
- Optional for public repositories (but recommended)
How to Get It¶
- Sign up at codecov.io
- Add your repository
- Go to Settings > General
- Copy the Repository Upload Token
How to Configure¶
Repository Secret¶
- Go to Settings > Secrets and variables > Actions
- Click New repository secret
- Name:
CODECOV_TOKEN - Value: Your token
Organization Secret¶
For multiple repositories:
- Go to organization Settings > Secrets and variables > Actions
- Click New organization secret
- Name:
CODECOV_TOKEN - Value: Your organization token
- Select repositories
Usage¶
jobs:
ci:
uses: go-gamma/actions/.github/workflows/ci.yml@v1
with:
go-version: '1.24'
upload-coverage: true
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
GITHUB_TOKEN¶
Automatic
GITHUB_TOKEN is automatically provided by GitHub Actions. You don't need to configure it.
Used for:
- SARIF upload to Code Scanning
- Creating GitHub Releases
- Triggering pkg.go.dev updates
Permissions¶
Configure via permissions:
Best Practices¶
Use Organization Secrets¶
For consistent configuration across repositories:
Don't Hardcode Tokens¶
# ❌ Never do this
CODECOV_TOKEN: "abc123..."
# ✅ Always use secrets
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
Secret Rotation¶
Rotate tokens periodically:
- Generate new token
- Update secret in GitHub
- Verify workflows still work