> On Jan 8, 2021, at 1:45 PM, Zach Hoffman <zrhoff...@apache.org> wrote:\
> Since running on all forks is not an option with Jenkins, that's where my
> preference comes from. Jenkins is still useful for jobs that don't need to
> run on forks, (e.g., periodically checking for Go version updates and
> opening a PR if a minor version update is found).
I presume you are referring to the fact that external non-committers cannot
force a build on a forked repo PR on the ASF Jenkins without whitelisting [1].
This is by design because it is a huge security problem to run unvetted 3rd
party code on our build infrastructure. This is the same problem that exists
with GitHub Self-Hosted Runners, and to a lesser extent with 3rd party Github
Actions, which has collectively brought us to the discussion we have today.
Is anyone aware of open-source self-hosted tooling which provides a Travis-like
experience? I understand GitLab may offer something like Github Actions, but
I’m not sure to what extent that functionality exists in the Community Edition.
-Chris
[1]
https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features#git.asf.yamlfeatures-JenkinsPRWhitelisting
