-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add mount /tmp as tmpfs to drone script #11132
Conversation
4ccc40c
to
2d2dbbf
Compare
I can run locally using:
but that's out of the question in our setup, I guess. |
Yeah that needs option set to trusted for repository |
But problem with that is that allows even for PRs to allow access to host. Only way to prevent this would be signing yaml file and not allow to change them in PR |
So I've made some local tests in my humble VM server, and I can see that the benefits are not very noticeable if I/O bottleneck isn't actually a problem (my server is pretty much idle on a Sunday afternoon). I've executed
|
@lafriks Given the russian-doll structure of docker, maybe there can be a parent yml that's signed and a child yml we can edit? Or depart from an image composed to implements that? |
@guillep2k no that is not possible. Only option to sign would be to run |
Initially we had signed drone.yml but we dropped it... maybe for this we could add it back |
oh that would probably allow us to have extra steps - like fmt and linters offering fixing comments. |
Lets check if we can mount /tmp as tmpfs in our scripts.
Not working (see my next comment), but I'll leave this here in case someone comes up with a fix.