Run only on non-protected jobs.
Description
In the settings for a GitLab runner you can mark a specific runner to only pick up "protected" jobs, that is, jobs for branches and tags that are protected. This is great: you can then set up specific env variables (like credentials) in the runner without having to worry about a merge request containing CI code that is malicious and tries to output the specific information that should be protected.
Now, my issue is that I wish to be able to mark a few of my group runners to only run on NON-protected jobs. But I can find no way to do this without tagging the jobs either as protected or as non-protected, something that obviously is quite annoying when you have ~100 projects which each have a whole lot of CI configurations!
To describe my specific case a bit more in-depth:
My "protected" runners have configuration files for stuff like docker, git, npm etc. mounted to the filesystem to make it easier to deploy stuff. The runner will pick up jobs that are protected and run fine, but then I have other runners that do NOT have the same files mounted. Those should not be able to even try to run the deploy scripts, as they will fail and the job will have to be re-run until the specific runners pick them up.
Allowing my protected runners to pick up jobs that are not protected would create somewhat of a security issue, as my tokens could leak in the logs in case someone runs for example... echo /root/.npmrc.
I might be missing something in the docs or just plainly not understand something with this. If that is the case, please let me know how to get this to work! :)
Proposal
So, in short, my feature proposal: Make it possible to mark a runner to run on jobs that are not protected.
Links to related issues and merge requests / references
I have searched for issues and merge requests which could be similar to this, but found nothing.
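The gap described in this issue, as a simplified model of job-to-runner eligibility. This is an added example, not GitLab's code and not part of the original issue. `ref_protected` and `not_protected` are the runner access levels GitLab exposes; `unprotected_only` is a hypothetical name for the proposed mode, and the runner names, job names and tags are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Runner:
    name: str
    access_level: str            # "ref_protected", "not_protected", or the
                                 # hypothetical "unprotected_only" (proposal)
    tags: frozenset = frozenset()
    run_untagged: bool = True

@dataclass(frozen=True)
class Job:
    name: str
    protected_ref: bool          # job runs for a protected branch or tag
    tags: frozenset = frozenset()

def eligible(runner, job):
    """Simplified model: may this runner pick up this job?"""
    if runner.access_level == "ref_protected" and not job.protected_ref:
        return False             # protected runners refuse unprotected refs
    if runner.access_level == "unprotected_only" and job.protected_ref:
        return False             # proposed behaviour, does not exist today
    if not job.tags:
        return runner.run_untagged
    return job.tags <= runner.tags   # every job tag must be on the runner

def candidates(runners, job):
    return sorted(r.name for r in runners if eligible(r, job))

# Constructed sample jobs and runner fleets.
DEPLOY = Job("deploy", protected_ref=True)
DEPLOY_TAGGED = Job("deploy", protected_ref=True, tags=frozenset({"deploy"}))
MR_TEST = Job("mr-test", protected_ref=False)

TODAY = [Runner("deploy-runner", "ref_protected"),
         Runner("shared-runner", "not_protected")]
WORKAROUND = [Runner("deploy-runner", "ref_protected", frozenset({"deploy"})),
              Runner("shared-runner", "not_protected")]
PROPOSED = [Runner("deploy-runner", "ref_protected"),
            Runner("shared-runner", "unprotected_only")]

if __name__ == "__main__":
    for label, fleet, job in [("today", TODAY, DEPLOY),
                              ("tag workaround", WORKAROUND, DEPLOY_TAGGED),
                              ("proposed", PROPOSED, DEPLOY),
                              ("proposed", PROPOSED, MR_TEST)]:
        print(f"{label:15} {job.name:8} -> {candidates(fleet, job)}")
```

In the `TODAY` fleet the untagged deploy job can land on the runner without the mounted credentials, which is the retry loop described above; the tag workaround fixes that only by editing every project's CI configuration.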