Associate runners with environments
Problem to solve
Using the same runner for your tests, staging deploy and prod deploy isn't really secure, especially when the runners are privileged for docker-in-docker (or other stuff that requires privileged).
Restricting a runner to protected branches isn't bad, but it would be nice if we could properly separate which runner is used per environment as well.
I think protected environments should be another step up from protected branches, i.e.:
master branch is a protected branch and only Maintainers can merge into it,
so it makes sense you can restrict a runner to only protected branches so that it can't potentially be compromised by something that is run on it by somebody with lower access (which is possible right now).
development env is allowed to be deployed to by Maintainers, but to deploy to the production env you need an even higher access, only for Release Managers (which is possible right now).
However, there's no way to restrict the runner doing the production deploy to only the production env, so it can potentially be compromised by something that is run on it by somebody with Maintainer access...
Without being able to restrict runners to envs, protected environments are basically just a UI thing, they don't actually improve security.
That's a bit exaggerated of course, it requires quite a bit of effort to, undetected, take over a job and inject code into it, but it's possible for sure.
Allow project-specific runners to also specify an environment to be restricted to.
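Until such a restriction exists, the separation described above can only be audited, not enforced. The following is an added example (not part of the original issue and not GitLab code) that checks an already-parsed `.gitlab-ci.yml` job mapping for jobs that reach an environment's runner without deploying to that environment. The tag names, the `ENV_RUNNER_TAG` mapping and the sample jobs are constructed assumptions.

```python
# Added example: audit runner/environment separation in a parsed .gitlab-ci.yml.
# Assumption: each sensitive environment has one dedicated runner, selected by tag.
ENV_RUNNER_TAG = {"production": "prod-runner", "development": "dev-runner"}

# Constructed sample: the "jobs" part of a pipeline, as a YAML parser would return it.
SAMPLE_JOBS = {
    ".deploy_template": {"tags": ["prod-runner"]},  # hidden job, never runs
    "test": {"script": ["make test"], "tags": ["prod-runner"]},
    "deploy_dev": {"script": ["./deploy.sh"], "environment": "development",
                   "tags": ["dev-runner"]},
    "deploy_prod": {"script": ["./deploy.sh"],
                    "environment": {"name": "production"},
                    "tags": ["prod-runner"]},
    "deploy_prod_shared": {"script": ["./deploy.sh"],
                           "environment": "production", "tags": ["docker"]},
}


def environment_name(job):
    """`environment` may be a plain string or a mapping with a `name` key."""
    env = job.get("environment")
    return env.get("name") if isinstance(env, dict) else env


def audit(jobs, env_runner_tag):
    """Return (job, problem) pairs where runner tag and environment disagree."""
    dedicated = {tag: env for env, tag in env_runner_tag.items()}
    findings = []
    for name, job in sorted(jobs.items()):
        if name.startswith("."):  # hidden jobs are templates and are not executed
            continue
        env = environment_name(job)
        tags = set(job.get("tags", []))
        required = env_runner_tag.get(env)
        if required and required not in tags:
            findings.append((name, f"deploys to {env} without runner tag {required}"))
        # The case the issue is about: a non-deploy job landing on the deploy runner.
        for tag in sorted(tags & set(dedicated)):
            if dedicated[tag] != env:
                findings.append((name, f"uses {dedicated[tag]} runner tag {tag} "
                                       f"but environment is {env}"))
    return findings


if __name__ == "__main__":
    for job, problem in audit(SAMPLE_JOBS, ENV_RUNNER_TAG):
        print(f"{job}: {problem}")
```

Because whoever can edit the pipeline file also chooses the tags, this check only detects drift in review or in a scheduled audit; it does not stop a job from being scheduled on the runner.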