Trusting docker inferastructure #1
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
We've moved the notify-gogs.sh to mindstab/drone-gogs image as a plugin, but it highlighted that we are trusting docker supplied executing code to handle out secrets. Initial thoughts around putting a sha256 hash in our .drone.yml to compare to were pointed out to have the problem of relying on the sha256 in the plugin/image be trust worthy, just pushing the problem a level down.
We could tag the current build to try hardcoding to it but it still relies on docker infrastructure trust worthyness and that isn't a garuntee.
We could also just move back to self hosting the script.
The risk is the secret token to out buildbot gogs account leaks