Skip to content

Use custom container image to build the website

refs sysadmin#17364 (closed)

We want to give the CI enough privileges to push commits to tails.git (because Ikiwiki updates .po files), and one concern is with the authenticity of the container images we use, as tampered images could make use of those privileges.

This is only one step towards mitigating the risks of giving those privileges to the GitLab Runner. It's not enough and the final result will be documented in the process of sysadmin#17364 (closed).

Edited by Zen Fu

Merge request reports

Loading