[explosion]

In the shared runner settings, I see this:

"GitLab Runners do not offer secure isolation between projects that they do builds for. You are TRUSTING all GitLab users who can push code to project A, B or C to run shell scripts on the machine hosting runner X."

Seems like a very strong reason to use one's own paid DigitalOcean instances for runners instead of using the free shared runners, at least for commercial projects. I was wondering if anyone from GitLab could expand further on this?

[sytse]

This warning is outdated for the shared runners on GitLab.com since we do not reuse runners there at all. All runners are destroyed after a since build. Please see https://gitlab.com/gitlab-org/gitlab-ce/issues/14732 for more background and our effort to update this message.

[explosion]

That's great to hear. Thanks.

[mordocai]

We'd need an answer from gitlab, but that statement was there with the old infrastructure for shared runners.

It is possible that this issue is fixed with the new ones?

[sytse]

You're correct, we fixed this issue, the new warning will be: "Shared runners execute code of different projects on the same Runner unless you configure GitLab Runner Autoscale with MaxBuilds 1 (which it is on GitLab.com)."