Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Isolate unsafe code in build.yml #2698

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

c0rv4x
Copy link

@c0rv4x c0rv4x commented Oct 13, 2024

Description
I have introduced isolation for self-hosted runner, so it is not possible for malicious attacker to persist in the self-hosted runner. Otherwise it might lead to backdoors.

Alternative(s) considered
Probably we could use VMs or github-hosted runners, but this solution seems more trivial.

Type
Choose one: Other

Screenshots (if applicable)

Checklist

  • I have read and acknowledged the Code of conduct.
  • I have read the Contributing page.
  • I have signed the Google Individual CLA, or I am covered by my company's Corporate CLA.
  • I have discussed my proposed solution with code owners in the linked issue(s) and we have agreed upon the general approach.
  • I have run ./gradlew spotlessApply and ./gradlew spotlessCheck to check my code follows the style guide of this project.
  • I have run ./gradlew check and ./gradlew connectedCheck to test my changes locally.
  • I have built and run the demo app(s) to verify my change fixes the issue and/or does not break the demo app(s).

@c0rv4x c0rv4x requested a review from a team as a code owner October 13, 2024 18:58
@c0rv4x c0rv4x requested a review from aditya-07 October 13, 2024 18:58
Copy link

google-cla bot commented Oct 13, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@c0rv4x
Copy link
Author

c0rv4x commented Oct 13, 2024

I have just signed the CLA. Would be great if you could rerun the flow

@c0rv4x
Copy link
Author

c0rv4x commented Oct 23, 2024

Hey, Any updates?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: New
Development

Successfully merging this pull request may close these issues.

1 participant