Suggestion: allow open source projects not to need an API key

[samboylett]

Hi, I've been using stryker a lot and I've been adding the badges to every readme, it's great and encourages people to write good tests in there PRs!

I have a suggestion/feature request, for the codecov badge I don't need to set a key on travis-ci for any open source projects

Would it be possible to add a feature like this to the stryker dashboard?

Thanks! 😄

[ptoonen]

Hi Sam,

good to hear that you like the badge! I'm not sure whether I understand your question correctly, but it seems that you want to update the mutation score without an API key?

I'm not sure that's a good idea because the API key is what prevents random people from (accidentally) updating the mutation score. Although it is technically possible to drop it, we feel like it would make the score less reliable. @nicojs what do you think?

Peter

[nicojs]

Maybe we could do this, yet still allow people to configure an API key. If the key is configured, we don't allow uploads without an API key. If there is no API key we allow anonymous access.

[mthmulders]

I'm curious how CodeCov prevents the whole world of submitting code coverage metrics? I think that one way or another, you'd want some kind of verification that the mutation testing metrics displayed in the badge are valid: i.e., submitted by a process that is controlled by the project maintainer(s).

[theofidry]

If you allow no keys then you allow anyone to upload a report and potentially completely mess up your project reports.

Why is the key an issue? It's easy to get and allow some level of protection by inserting it as an encrypted environment variable in your build