You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@beam.apache.org by "Daniela Martín (Jira)" <ji...@apache.org> on 2022/04/04 19:09:00 UTC
[jira] [Created] (BEAM-14248) Allow committers only to run GitHub Actions workflows on self-hosted runners
Daniela Martín created BEAM-14248:
-------------------------------------
Summary: Allow committers only to run GitHub Actions workflows on self-hosted runners
Key: BEAM-14248
URL: https://issues.apache.org/jira/browse/BEAM-14248
Project: Beam
Issue Type: Improvement
Components: build-system
Reporter: Daniela Martín
Hi everyone,
After a meeting with Jarek and Gavin, we noticed that the implementation of Ash's GitHub Actions Runner [1] would be highly important to have it in the Beam project as well due to security concerns. Ash's version allows us to execute the runners only by approved committers providing us an extra layer of security (this is already implemented in Apache Airflow [2]).
Currently and with the GitHub Actions Runner [3], everyone can execute runners and workflows with any restriction as it's a public repo.
We highly recommend incorporating this approach to the current implementation
Thank you!
[1] https://github.com/ashb/runner
[2] https://github.com/apache/airflow-ci-infra/tree/main/github-runner-ami/packer
[3] https://github.com/actions/runner
--
This message was sent by Atlassian Jira
(v8.20.1#820001)