Daniela Martín created BEAM-14248:
-------------------------------------
Summary: Allow committers only to run GitHub Actions workflows on
self-hosted runners
Key: BEAM-14248
URL: https://issues.apache.org/jira/browse/BEAM-14248
Project: Beam
Issue Type: Improvement
Components: build-system
Reporter: Daniela Martín
Hi everyone,
After a meeting with Jarek and Gavin, we noticed that the implementation of
Ash's GitHub Actions Runner [1] would be highly important to have it in the
Beam project as well due to security concerns. Ash's version allows us to
execute the runners only by approved committers providing us an extra layer of
security (this is already implemented in Apache Airflow [2]).
Currently and with the GitHub Actions Runner [3], everyone can execute runners
and workflows with any restriction as it's a public repo.
We highly recommend incorporating this approach to the current implementation
Thank you!
[1] https://github.com/ashb/runner
[2]
https://github.com/apache/airflow-ci-infra/tree/main/github-runner-ami/packer
[3] https://github.com/actions/runner
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
