Trusting docker inferastructure
We've moved the notify-gogs.sh to mindstab/drone-gogs image as a plugin, but it highlighted that we are trusting docker supplied executing code to handle out secrets. Initial thoughts around putting a sha256 hash in our .drone.yml to compare to were pointed out to have the problem of relying on the sha256 in the plugin/image be trust worthy, just pushing the problem a level down.
We could tag the current build to try hardcoding to it but it still relies on docker infrastructure trust worthyness and that isn't a garuntee.
We could also just move back to self hosting the script.
The risk is the secret token to out buildbot gogs account leaks
Deleting a branch is permanent. It CANNOT be undone. Continue?