Open mirobertod opened 1 year ago
We also struggle with the same problem...
Hey guys, any update on this? Thanks
Hello,
Any chance this change might be implemented soon?
Thanks in advance for your feedback
Éric
Any news about this?
@mirobertod @AmorfEvo @EricDales @MiticoBerna could you help us understand more about your scenario? Especially interested in scenarios involving organization-level or enterprise-level runners.
Hi @ericsciple, thank you for your interest.
We want to prevent unauthorized modifications of the CI yaml files under .github folder.
Our goal is to download the repository using the token to verify if, for example, a signature we placed at the top of the CI YAML file has been altered by someone else.
If you have a better approach to ensure that the CI configuration can be modified only by authorized people, let us know.
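The signature check described in the comment above, as an added example that is not part of the original thread or of the runner project. It assumes a hypothetical header line `# ci-signature: <hex>` holding an HMAC-SHA256 of the rest of the file, a key held on the runner, and workflow files that have already been fetched; all function names are illustrative.

```python
import hashlib
import hmac
import re

# Hypothetical header format: the first line of each workflow file is
# "# ci-signature: <hex HMAC-SHA256 of everything after that line>".
SIG_LINE = re.compile(rb"\A# ci-signature: ([0-9a-f]{64})\n")
WORKFLOW_DIR = ".github/workflows/"


def sign_workflow(body: bytes, key: bytes) -> bytes:
    """Prepend the signature header (done by an authorized maintainer)."""
    mac = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return b"# ci-signature: " + mac + b"\n" + body


def verify_workflow(content: bytes, key: bytes) -> bool:
    """True only if the header is present and matches the rest of the file."""
    m = SIG_LINE.match(content)
    if m is None:
        return False  # missing or malformed header fails closed
    expected = hmac.new(key, content[m.end():], hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(m.group(1), expected)


def failing_workflows(files: dict, key: bytes) -> list:
    """Paths under .github/workflows/ whose signature does not verify."""
    return sorted(path for path, content in files.items()
                  if path.startswith(WORKFLOW_DIR) and not verify_workflow(content, key))


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key lives on the runner
    ci = b"name: ci\non: push\njobs: {}\n"  # constructed sample workflow
    files = {
        ".github/workflows/ci.yml": sign_workflow(ci, key),
        ".github/workflows/edited.yml": sign_workflow(ci, key) + b"# extra step\n",
        ".github/workflows/unsigned.yml": ci,
        "README.md": b"not a workflow\n",
    }
    bad = failing_workflows(files, key)
    print("rejected:", bad)
    raise SystemExit(1 if bad else 0)
```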
Describe the bug
The env var GITHUB_TOKEN is not present in the context of the script set as ACTIONS_RUNNER_HOOK_JOB_STARTED. Not sure if this has some security concern, but we would need a valid GITHUB_TOKEN during our pre-job script.

To Reproduce
Steps to reproduce the behavior:
env and set its path as env var for ACTIONS_RUNNER_HOOK_JOB_STARTED

Expected behavior
The env var GITHUB_TOKEN should be present in the context of the script set as ACTIONS_RUNNER_HOOK_JOB_STARTED.

Runner Version and Platform
Version of your runner? 2.308.0
OS of the machine running the runner? Linux Debian 11, Kubernetes (GKE) using actions-runner-controller.
Thanks