Closed rvem closed 9 months ago
Is this not security relevant? Docker has a bunch of problems that can lead to escaping the container. Malicious PRs on self-hosted runners (if they still are for the serokell org) could exploit those vulnerabilities if not properly secured.
> Is this not security relevant?
External jobs require manual approval in order to run, so this should be relatively safe as long as we check what we actually run on our CI :sweat_smile:
Problem: We want to be able to run CI checks on PRs from external forks. However, this is only possible with 'on: pull_request', while currently CI is triggered 'on: push'.
Solution: Change CI triggering condition to 'on: pull_request'.
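A check over workflow files for the combination this thread is concerned with: a pull-request trigger on a job that runs on a self-hosted runner. This is an added example, not code from the PR; it reads the YAML line by line rather than with a full parser, assumes runners carry the `self-hosted` label, and the sample workflow (including the `nix` label) is constructed.

```python
import re

PR_EVENTS = {"pull_request", "pull_request_target"}

def _lines(text):  # drop YAML comments and blank lines, keep indentation
    out = (re.sub(r"(^|\s)#.*$", "", l).rstrip() for l in text.splitlines())
    return [l for l in out if l.strip()]

def triggers(text):
    """Event names under the top-level `on:` key (scalar, list or mapping)."""
    events, in_on, child = set(), False, None
    for line in _lines(text):
        m = re.match(r"""^["']?on["']?:\s*(.*)$""", line)
        if m:
            inline = m.group(1).strip("[] ")
            events |= {e.strip() for e in inline.split(",") if e.strip()}
            in_on, child = not inline, None
        elif in_on and line[0] in " \t-":
            indent = len(line) - len(line.lstrip())
            child = indent if child is None else child
            if indent == child:  # direct children of `on:` only
                events.add(line.strip().lstrip("- ").split(":")[0])
        else:
            in_on = False
    return events

def self_hosted(text):
    """True if any `runs-on:` value carries the `self-hosted` label."""
    lines = _lines(text)
    for i, line in enumerate(lines):
        m = re.match(r"^\s*runs-on:\s*(.*)$", line)
        if not m:
            continue
        labels = m.group(1)
        for nxt in lines[i + 1:] if not labels else []:  # block-list form
            if not nxt.strip().startswith("-"):
                break
            labels += " " + nxt
        if re.search(r"(?<![\w-])self-hosted(?![\w-])", labels):
            return True
    return False

def needs_review(text):  # PR events that would reach a self-hosted runner
    return sorted(triggers(text) & PR_EVENTS) if self_hosted(text) else []

# Constructed sample: the trigger change from the PR description.
BEFORE = "on: push\njobs:\n  check:\n    runs-on: [self-hosted, nix]\n"
AFTER = BEFORE.replace("on: push", "on: pull_request")
print(needs_review(BEFORE), needs_review(AFTER))
```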