[
https://issues.apache.org/jira/browse/BEAM-14248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniela Martín updated BEAM-14248:
----------------------------------
Description:
Hi everyone,
After a meeting held on March 14, 2022 with Gavin McDonald and Jarek Potiuk, we
noticed that the implementation of Ash's GitHub Actions Runner [1] would be
highly important to have it in the Beam project as well due to security
concerns. Ash's version allows us to execute the runners only by approved
committers providing us an extra layer of security (this is already implemented
in Apache Airflow [2]).
Currently and with the GitHub Actions Runner [3], everyone can execute runners
and workflows with any restriction as it's a public repo.
We highly recommend incorporating this approach to the current implementation
Thank you!
[1] [https://github.com/ashb/runner]
[2]
[https://github.com/apache/airflow-ci-infra/tree/main/github-runner-ami/packer]
[3] [https://github.com/actions/runner]
was:
Hi everyone,
After a meeting with Jarek and Gavin, we noticed that the implementation of
Ash's GitHub Actions Runner [1] would be highly important to have it in the
Beam project as well due to security concerns. Ash's version allows us to
execute the runners only by approved committers providing us an extra layer of
security (this is already implemented in Apache Airflow [2]).
Currently and with the GitHub Actions Runner [3], everyone can execute runners
and workflows with any restriction as it's a public repo.
We highly recommend incorporating this approach to the current implementation
Thank you!
[1] https://github.com/ashb/runner
[2]
https://github.com/apache/airflow-ci-infra/tree/main/github-runner-ami/packer
[3] https://github.com/actions/runner
> Allow committers only to run GitHub Actions workflows on self-hosted runners
> ----------------------------------------------------------------------------
>
> Key: BEAM-14248
> URL: https://issues.apache.org/jira/browse/BEAM-14248
> Project: Beam
> Issue Type: Improvement
> Components: build-system
> Reporter: Daniela Martín
> Priority: P2
>
> Hi everyone,
> After a meeting held on March 14, 2022 with Gavin McDonald and Jarek Potiuk,
> we noticed that the implementation of Ash's GitHub Actions Runner [1] would
> be highly important to have it in the Beam project as well due to security
> concerns. Ash's version allows us to execute the runners only by approved
> committers providing us an extra layer of security (this is already
> implemented in Apache Airflow [2]).
> Currently and with the GitHub Actions Runner [3], everyone can execute
> runners and workflows with any restriction as it's a public repo.
> We highly recommend incorporating this approach to the current implementation
> Thank you!
> [1] [https://github.com/ashb/runner]
> [2]
> [https://github.com/apache/airflow-ci-infra/tree/main/github-runner-ami/packer]
>
> [3] [https://github.com/actions/runner]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
