Allow upload from Travis without token

[jmcarp]

Uploading coverage reports requires setting a token in the environment. The documentation recommends skipping coverage uploads on Travis pull request builds, presumably to avoid leaking tokens. But that means it's impossible to get pull request comments on changes in coverage.

Other test coverage products, like codecov, allow uploading from Travis without a token: https://docs.codecov.io/v4.3.6/docs/frequently-asked-questions

The upload token is required for all uploads, except originating from public project using Travis-CI, Circle CI, or AppVeyor CI.

It would be useful to allow coverage uploads from trusted sources to code climate as well.

[ale7714]

@jmcarp 👋 thank you for using Code Climate and your feedback. First, wanted to start by saying that's safe to use your CC_TEST_REPORTER_ID directly on your travis file. We only use the ID to identify your repo (more details here).

The reason we were suggesting to avoid uploading results from push builds and PR builds, it's because we were not handling correctly duplicate coverage for the same commit SHA. We recently released a new version of the test-reporter that should handle this scenario correctly. We will also be updating our docs accordingly. Sorry for any confusion.

Let me know if I can help with anything else.

[satanTime]

+1 here.

if CC_TEST_REPORTER_ID isn't private information I would suggest to share it on the project's page.

I'm a maintainer of an open source project, but, because I don't have admin rights to the repo I cannot fetch the token to finish CI setup, although, I can commit to the repo, release versions etc.