WIP: Sealed Runner

xsyvITyt requested to merge xsyvITyt/gitlab-runner:protected-runner into master

What does this MR do?

Adds runner config option to ignore any project-defined script steps. Instead it takes a script definition from the runner config.

Why was this MR needed?

We want to define a runner on which a build step can be defined by any project, but which can retain control over exactly what is executed, i.e. it should not execute any project-defined code. This allows external parties to provide build steps running trusted code or using credentials.

Are there points in the code the reviewer needs to double check?

  • any other mechanism by which a project can define arbitrary executed commands on a runner should be covered

Does this MR meet the acceptance criteria?

  • Documentation created/updated
  • Added tests for this feature/bug
  • In case of conflicts with master - branch was rebased

What are the relevant issue numbers?

Edited by xsyvITyt
