Associate runners with environments
Problem to solve
Using the same runner for your tests, staging deploy and prod deploy isn't really secure, especially when the runners are privileged for docker-in-docker (or other stuff that requires privileged).
Restricting a runner to protected branches isn't bad, but it would be nice if we could properly separate which runner is used per environment as well.
Intended users
Developers, Ops
Further details
I think protected environments should be another step up from protected branches, i.e.:
The master branch is a protected branch and only Maintainers can merge into it,
so it makes sense you can restrict a runner to only protected branches so that it can't potentially be compromised by something that is run on it by somebody with lower access (which is possible right now).
The development env is allowed to be deployed to by Maintainers,
but to deploy to the production env you need even higher access, only for Release Managers (which is possible right now).
However, there's no way to restrict the runner doing the production deploy to only the production env, so it can potentially be compromised by something that is run on it by somebody with Maintainer access...
Without being able to restrict runners to envs, protected environments are basically just a UI thing, they don't actually improve security.
That's a bit exaggerated of course, it requires quite a bit of effort to, undetected, take over a job and inject code into it, but it's possible for sure.
Proposal
Allow project-specific runners to also specify an environment to be restricted to.