Trusted environment switch #2809
Conversation
This environment variable will allow to make repositories trusted, when enabling them in drone by default It is recommended to use `DRONE_TRUSTED_ENVIRONMENT=true` only in scenarios, where you are running drone master and drone agents for single trusted organization
|
thanks! I will take a look and provide feedback. |
tboerger
dismissed
their stale review
Got to revoke, need to properly review and think about it
|
First of all, thanks for the pull request. I have been thinking of how we might want to implement this, and I am thinking we may want to implement this at the runner level [1]. We could set + trusted := m.Repo.Trusted || r.Trusted
+ err = linter.Lint(pipeline, trusted)
- err = linter.Lint(pipeline, m.Repo.Trusted)
if err != nil {
logger = logger.WithError(err)
logger.Warnln("runner: yaml lint errors")
return r.handleError(ctx, m.Stage, err)
}The benefit to this approach is that we can globally trust (or distrust) all repositories without having to update the trusted flag in the database. [1] https://github.com/drone/drone/blob/master/operator/runner/runner.go#L234 |
|
OK will change to this approach. But @bradrydzewski, wouldn't it be a bit misleading? As in database you would have trusted / untrusted settings and then simply would ignore that setting on runner(s) Also just popped the idea, that this type of flag would actually make the default setting of newly enabled repo as trusted and still would allow to set the repo(s) as untrusted |
No description provided.