WIP: Sealed Runner
What does this MR do?
Adds runner config option to ignore any project-defined script steps. Instead it takes a script definition from the runner config.
Why was this MR needed?
We want to define a runner on which a build step can be defined by any project, but which can retain control over exactly what is executed, i.e. it should not execute any project-defined code. This allows external parties to provide build steps running trusted code or using credentials.
Are there points in the code the reviewer needs to double check?
- any other mechanism by which a project can define arbitrary executed commands on a runner should be covered
Does this MR meet the acceptance criteria?
-
Documentation created/updated -
Added tests for this feature/bug -
In case of conflicts with master
- branch was rebased
What are the relevant issue numbers?
Edited by xsyvITyt