Hi. On Wed, Apr 6, 2022 at 11:31 AM Chesnay Schepler <ches...@apache.org> wrote:
> Hello, > > In https://issues.apache.org/jira/browse/INFRA-23086 it was mentioned > that a security audit of self-hosted runners for github actions is being > conducted at the moment, and that until this is complete no significant > number of self-hosted runners can be set up. > This came as a bit of a surprise to us (the Flink project); we wanted to > complete our migration to github actions within the next 2-3 weeks, > which is now effectively blocked. > I wanted to ask about this part, why was it a surprise? Self Hosted Github Runners has never been approved for general projects use at the moment. Did you find some documentation somewhere that we might have said otherwise? We are still evaluating a safe and secure way in which we can deploy self hosted runners at the ASF. Currently Airflow are the only approved project, and we are working with Beam to ensure the same level of security if not better. the result of this experiment will determine when we can open up self hosted runners for all projects. 2 to 3 weeks MIGHT be do-able but I'll let you know, still working with Beam currently. > I wanted to ask whether there is some form of ETA on when this audit is > complete. > > Regards, > Chesnay > > > > -- *Gavin McDonald* Systems Administrator ASF Infrastructure Team
