Does GitLab runner imply that I can move my open source projects to GitLab free edition and have integrated CI without the need to sign up at Travis-CI AND also including Windows support? That would be spectacular.
This is only tangentially related, but information on the runtime environment of gitlab.com's shared runners is a little obtuse. Is using a shared runner with a private repository a no-go if I want to keep my repo private? All I can find is the cryptic warning "GitLab Runners do not offer secure isolation between projects that they do builds for. You are TRUSTING all GitLab users who can push code to project A, B or C to run shell scripts on the machine hosting runner X." I take this to mean that I have to trust everyone who can push code to the shared runner, which for all intents and purposes is anyone with a gitlab account.
This was problem in the past. Since we use Docker we have fairly good separation of builds. You are not able to fetch someone other source unless you find or use linux kernel exploit. This will get improved further with upcoming upgrades to shared runners offering: https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/.... Most likely we will run the builds only once on the VM.
That would be awesome. But a merge request we had for that added a lot of dependencies to GitLab Runner. So we're still thinking about the best way. Suggestions are welcome. BTW Deploy to Kubernetes is easy via https://about.gitlab.com/2016/03/22/gitlab-8-6-released/
12 comments
[ 1.5 ms ] story [ 34.1 ms ] threadThe Linux-based Shared Runners are free for everyone, including for private projects.
You can override the image globally in .gitlab-ci.yml or on per-job basis. Full flexibility here :)