zuul/zuul: The Gatekeeper, or a project gating system - zuul - OpenDev: Free Software Needs Free Tools

The Gatekeeper, or a project gating system

History

Tobias Henkel bf4e9893d0 Block localhost shell tasks in untrusted playbooks Zuul was designed to block local code execution in untrusted environments to not only rely on bwrap to contain a job. This got broken since the creation of a command plugin that injects the zuul_job_id which is required for log streaming. However this plugin doesn't do a check if the task is a localhost task. Further it is required in trusted and untrusted environments due to log streaming. Thus we need to fork this plugin and restrict the variant that is used in untrusted environments. We do this by moving actiongeneral/command.py back to action/*. We further introduce a new catecory actiontrusted which gets the unrestricted version of this plugin. Change-Id: If81cc46bcae466f4c071badf09a8a88469ae6779 Story: 2007935 Task: 40391		2 weeks ago
..
dashboard	Update node to v14 and update to new jobs	2 months ago
quick-start	Shift docker and pip setup to pre-playbook for quick-start	1 month ago
release	Use ensure-* roles	4 months ago
zuul-migrate	Update references for opendev	1 year ago
zuul-stream	Block localhost shell tasks in untrusted playbooks	2 weeks ago