Use custom container image to build the website (!1562) · Merge requests · tails / tails

Zen Fu requested to merge wip/sysadmin-17364-build-website-using-custom-image into master Jun 04, 2024

We want to give the CI enough privileges to push commits to tails.git (because Ikiwiki updates .po files), and one concern is with the authenticity of the container images we use, as tampered images could make use of those privileges.

This is only one step towards mitigating the risks of giving those privileges to the GitLab Runner. It's not enough and the final result will be documented in the process of sysadmin#17364.

Edited Jun 05, 2024 by Zen Fu

Use custom container image to build the website

Merge request reports