Open sujen1412 opened 2 weeks ago
@sujen1412 so this would be for both public and private repositories?
How do you intend to prevent malicious execution of runners with PRs from forks? https://docs.github.com/en/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
Who needs to be in the group that can configure the runners? Should we make more than one runner group (aka separate from the default runner group)?
cc: @freitagb @xhagrg for review on the IMPACT side.
Yes, this would be for both public and private repositories. We do not plan to use self-hosted runners to trigger actions on pull requests. Self-hosted runners would be used for deployments done via the deployment endpoint, a manual workflow dispatch or an approved deployment through a protected branch.
Would like to add @frankinspace and @bsatoriu as approved users as well.
We would like 3 different runner groups to start with, called dit, uat and ops.
So are you going to use Releases/Tags or full manual for triggering workflows @sujen1412 ?
Deployments will only be triggered automatically based on pushes to protected branches. Manual triggers can be sourced from feature branches (limited to DIT environment) or protected branches (develop == DIT, release/* == UAT, main == OPS).
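The trigger and branch-to-venue rules described in this thread, written out as a workflow sketch. This is an added example, not a workflow from the MAAP-Project repositories; the environment names, the `deploy.sh` script and the workflow name are assumptions, and only the runner group names dit, uat and ops come from the discussion.

```yaml
# Added example (not from the thread): deploy workflow pinned to runner groups.
name: deploy

on:
  # No pull_request or pull_request_target trigger, so fork PRs never
  # schedule a job on the self-hosted runners.
  push:
    branches: [develop, 'release/*', main]
  workflow_dispatch: {}   # manual run; github.ref is the branch it was started from

permissions:
  contents: read          # least privilege for the job token

jobs:
  dit:
    # develop pushes, plus manual runs from develop or any feature branch
    if: ${{ startsWith(github.ref, 'refs/heads/') && github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/heads/release/') }}
    runs-on:
      group: dit
    environment: dit      # assumed environment name
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh dit   # hypothetical deploy script

  uat:
    # release/* only, whether pushed or manually dispatched
    if: ${{ startsWith(github.ref, 'refs/heads/release/') }}
    runs-on:
      group: uat
    environment: uat      # assumed environment name
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh uat   # hypothetical deploy script

  ops:
    # main only
    if: ${{ github.ref == 'refs/heads/main' }}
    runs-on:
      group: ops
    environment: ops      # assumed environment name
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh ops   # hypothetical deploy script
```

A manual run from a feature branch uses that branch's copy of the workflow file, so the `if:` conditions can be edited by anyone with write access. Setting the same branch mapping in each environment's deployment branch rules enforces it outside the workflow file.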
During discussion on Jun 12, would prefer to limit the org-level runners to specific public repositories instead of all public repos. @wildintellect will investigate if this is possible. Additionally, @wildintellect will set up a runners team and include platform members to help administer the runners.
I've updated "Fork pull request workflows from outside collaborators" to "Require approval for all outside collaborators".
It looks like we can manage allowing this on specific repos. So if @sujen1412 @frankinspace can provide a list of which repos, I'll enable that. I have not found a way to delegate this power yet.
We could start with just: https://github.com/MAAP-Project/maap-api-nasa https://github.com/MAAP-Project/maap-py
We would like to start using GitHub Actions for our deployments which require us to set up self-hosted runners for each venue and different repositories. It would be nice to have runner groups to be able to share these runners across repos.