Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to restrict runners to a specific branch and lock the .gitlab-ci.yml from changes?

Right now, anyone that creates a branch in my project and adds a .gitlab-ci.yml file to it, can execute commands on my server using the runner. How can I make it so that only masters or owners can upload CI config files and make changes to them?

I'm using https://gitlab.com/gitlab-org/gitlab-ci-multi-runner running on bash.

like image 424
CausingUnderflowsEverywhere Avatar asked Aug 30 '16 17:08

CausingUnderflowsEverywhere


People also ask

How do I specify GitLab runner?

For a shared runner, have an administrator go to the GitLab Admin Area and click Overview > Runners. For a group runner, go to Settings > CI/CD and expand the Runners section. For a project-specific runner, go to Settings > CI/CD and expand the Runners section.

How do I pause a GitLab runner?

You can pause or remove a group runner for your self-managed GitLab instance or for GitLab.com. You must have Owner permissions for the group. Go to the group you want to remove or pause the runner for. Go to Settings > CI/CD and expand the Runners section.

Are GitLab runners secure?

Fortunately, http://gitlab.com seems to be sharing only docker runners. docker runners are generally safe* because every build runs in a new container, so there's nothing to worry.


1 Answers

The GitLab runner wasn't really designed for this scenario and thus you are unable to do this. What you could do instead is have a new project with just your .gitlab-ci.yml file and configure it so that it pulls the original repository. From there you can do all the other things you want to do with your repository.

like image 74
Fairy Avatar answered Oct 02 '22 12:10

Fairy