@mshepet mshepet commented Nov 12, 2024

Switch to using GitHub-hosted runners instead of self-hosted runners

@adrianmoisey
Member

Why move them to GitHub's runners?

@mshepet
Author

mshepet commented Nov 12, 2024

> Why move them to GitHub's runners?

This repo doesn't have access to launch workflows on the self-hosted runners, and I don't think it's a good idea to open up access from a public repository.

@adrianmoisey
Member

> This repo doesn't have access to launch workflows on the self-hosted runners, and I don't think it's a good idea to open up access from a public repository.

Oh interesting.

If we use public runners, then we need to be writing Harbor secrets to public infra, that also doesn't seem like an ideal situation.

What is the concern with using our runners? The rules are to only run the workflow when there is a push to a branch, even though the repo is public, nobody should be able to push to branches.

@mshepet
Author

mshepet commented Nov 13, 2024

> > This repo doesn't have access to launch workflows on the self-hosted runners, and I don't think it's a good idea to open up access from a public repository.
>
> Oh interesting.
>
> If we use public runners, then we need to be writing Harbor secrets to public infra, that also doesn't seem like an ideal situation.

This repo doesn't push to Harbor, it pushes to a public Docker Hub registry.

> What is the concern with using our runners? The rules are to only run the workflow when there is a push to a branch, even though the repo is public, nobody should be able to push to branches.

Following the recommendation from GitHub here https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security

@adrianmoisey
Member

Their recommendation seems pretty compelling

@adrianmoisey
Member

> > This repo doesn't have access to launch workflows on the self-hosted runners, and I don't think it's a good idea to open up access from a public repository.
>
> Oh interesting.
>
> If we use public runners, then we need to be writing Harbor secrets to public infra, that also doesn't seem like an ideal situation.
>
> What is the concern with using our runners? The rules are to only run the workflow when there is a push to a branch, even though the repo is public, nobody should be able to push to branches.

I assume that someone could fork the repo, change the workflow to be "on PR" and run something on our runners

@mshepet mshepet merged commit c06018a into salesloft/v0.9.0 Nov 14, 2024
21 of 44 checks passed
@mshepet mshepet deleted the v090-development branch November 18, 2024 20:39
@mshepet mshepet mentioned this pull request Nov 18, 2024
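
Added example, not part of the original thread or the project's code: the exposure discussed above is governed by which self-hosted runner groups a public repository may use, not by the triggers written in the workflow file, so this sketch audits runner-group settings. It assumes data shaped like the GitHub REST API responses for organization runner groups (`visibility`, `allows_public_repositories`) and their selected repositories (`full_name`, `private`); all group and repository names are constructed.

```python
# Constructed sample data shaped like GitHub REST API responses
# (GET /orgs/{org}/actions/runner-groups and
#  GET /orgs/{org}/actions/runner-groups/{id}/repositories).
# Group and repository names are made up for illustration.
RUNNER_GROUPS = [
    {"id": 1, "name": "Default", "visibility": "all",
     "allows_public_repositories": False},
    {"id": 2, "name": "build-fleet", "visibility": "selected",
     "allows_public_repositories": True},
    {"id": 3, "name": "open-to-all", "visibility": "all",
     "allows_public_repositories": True},
]
GROUP_REPOS = {  # group id -> repositories selected for that group
    2: [{"full_name": "example-org/internal-api", "private": True},
        {"full_name": "example-org/public-tool", "private": False}],
}


def audit_runner_groups(groups, group_repos):
    """Return (group, repo, reason) tuples for groups a public repo can use."""
    findings = []
    for group in groups:
        # With this flag off, public repositories cannot use the group at all.
        if not group.get("allows_public_repositories", False):
            continue
        visibility = group.get("visibility")
        if visibility == "all":
            findings.append((group["name"], "*",
                             "every public repository in the organization"))
        elif visibility == "selected":
            # Only the explicitly selected repositories that are public count.
            for repo in group_repos.get(group["id"], []):
                if not repo["private"]:
                    findings.append((group["name"], repo["full_name"],
                                     "selected public repository"))
    return findings


if __name__ == "__main__":
    for name, repo, reason in audit_runner_groups(RUNNER_GROUPS, GROUP_REPOS):
        print(f"{name}: {repo} ({reason})")
```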