Details
-
Epic
-
Resolution: Done
-
Major
-
None
-
Pipelines as Code: Running the Pipeline Permissions
-
False
-
None
-
False
-
To Do
-
100
-
100%
-
PAC now supports the policy concept which lets you bind different actions to GitHub groups
Description
1. Proposed title of this feature request
Pipelines as Code: Running the Pipeline Permissions
2. What is the nature and description of the request?
The customer is looking to restrict who can trigger a pipelinerun within a given Repo.
a. The customer's entire team is a member of our Github Org, which appears to be triggering this field "The author is a public member on the organization of the repository."
b. The customer only wants admins on a repo to trigger the pipelinerun.
The customer would like to be able to customize which of the levels of Org Role can trigger a pipeline run.:
- Owners
- Members
- Moderators
- Billing managers
- Security managers
REF: https://pipelinesascode.com/docs/guide/running/
The pull request author's PipelineRun will be run if:
- The author is the owner of the repository.
- The author is a collaborator on the repository.
- The author is a public member of the organization of the repository.
- The pull request author is inside an OWNER file located in the repository root on the main branch (the main branch as defined in the - GitHub configuration for the repo) and added to either approvers or reviewers sections.
3. Why does the customer need this? (List the business requirements here)
Impact is to reduce the security risk of code being run.
4. List any affected packages or components.
OpenShift Pipelines
Pipelines As Code
Attachments
Issue Links
- duplicates
-
-
- Release Pending
-
