Is there a reason to protect the Codecov upload token?
What I read on the site says it’s “required to identify which project the coverage belongs to”. The only worry I see is that someone could upload bogus results.
It’s a private source code repo, so if it gets out, I have much worse problems that someone being able to add bogus results to codecov. Is there anything I’m missing?