Looks like I was wrong about Codecov

Repo tokens are not required for public repos tested on Travis-Org, CircleCI or AppVeyor.

So I just need to add a check for Percy.

👋 @BPScott #581 mentions including a partial fix for this issue. Any updates on what is yet to be done?

@tmlayton and I (well mostly Tim) are emailing with Percy about this.

There is no issue with CodeCov as repo tokens are not needed on public repos. We have removed the environment variable for our CodeCov token, and coverage is reported for both PRs from our repo and forks.

581 means CI will no-longer error when a running Percy tests from forked repos - it now just doesn't run the Percy tests.

Ideally though we'd still want Percy tests to run for those PRs from forked repos so this ticket isn't resolved just yet.

The concern here is that the only way to get this working is to expose our build environment variables to builds ran on forked repos. This is somewhat scary as it means leaking credentials - somebody could fork our repo, modify the build script to run env and see any secrets we have configured. Admittedly that list of variables at the moment only contains the PERCY_TOKEN but I don't want a situation where we forget we did this in the future and put in something actually secret in there.

only contains the PERCY_TOKEN

I wouldn't want to explain the per-percy-run cost skyrocketing because someone else hijacked our token.

This was one of our major concerns too.

We're still erring towards keeping this disabled for now but I don't think we've made a final decision

I enabled the sharing of this key a month ago or so when I marked all checks as required