Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Add functionality for allow self-hosted runner to protect workflow file and allow only execution only for collaborators for PRS
See original GitHub issueDescription:
Hi all, first of all I really like the github action runner and self-hosted runner.
It has however an issue with working for pull-request workflows.
I think the runner should have a way to be configurable to run only on Pull-requests from collaborator of X org or Repo. The problem to be solved is to protect the github-workflow file and don’t be changed by any arbitrary PR ( so there is no output redirection or other code executed) it is a recurring topic in some forums, but there is no solution or any issue about this afaik. let me know, and ping me for any info .
best
Issue Analytics
- State:
- Created 3 years ago
- Reactions:69
- Comments:69 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
How about this:
An example:
Let’s say .github/workflows/pull-request.yml exists, and the suggested checkbox above is checked, and user John / DEV team is configured.
Workflow “.github/workflows/pull-request.yml” will not be executed if:
This allows contributors to create pull requests, and have workflows provide them (and maintainers) with feedback on the changes introduced by the pull request, and, in the same time preventing untrusted parties from changing a workflow, thus preventing any security issues that might arise.
WDYT?
@MalloZup sounds like some policy feature we can add on the service side even before sending the job to the runner.
@chrispat for feedback.