by brodock
1900 days ago
For GitLab, if you don't have at least developer access to the repository (as in you are sending an MR from a fork), that will run in the context of your user, so you don't have access to any secrets configured upstream, etc. If you have access to a repository you can customize the script to do whatever you want, but there will always be a trace tracking it back to you. There is a discussion about ultimate security (access only when asked) vs. the convenience of self-service. You can still avoid that by having people use a fork model, or triggering CD from an external project with tight access. Putting a bureaucratic process between ICs will only limit their throughput, as in the Jenkins paradigm. The better advice is: don't hire people you can't trust.