You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@beam.apache.org by "Daniela Martín (Jira)" <ji...@apache.org> on 2022/04/04 19:09:00 UTC

[jira] [Created] (BEAM-14248) Allow committers only to run GitHub Actions workflows on self-hosted runners

Daniela Martín created BEAM-14248:
-------------------------------------

             Summary: Allow committers only to run GitHub Actions workflows on self-hosted runners
                 Key: BEAM-14248
                 URL: https://issues.apache.org/jira/browse/BEAM-14248
             Project: Beam
          Issue Type: Improvement
          Components: build-system
            Reporter: Daniela Martín


Hi everyone, 

After a meeting with Jarek and Gavin, we noticed that the implementation of Ash's GitHub Actions Runner [1] would be highly important to have it in the Beam project as well due to security concerns. Ash's version allows us to execute the runners only by approved committers providing us an extra layer of security (this is already implemented in Apache Airflow [2]). 

Currently and with the GitHub Actions Runner [3], everyone can execute runners and workflows with any restriction as it's a public repo. 

We highly recommend incorporating this approach to the current implementation

Thank you!

[1] https://github.com/ashb/runner 
[2] https://github.com/apache/airflow-ci-infra/tree/main/github-runner-ami/packer 
[3] https://github.com/actions/runner 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)