Running arbitrary commands directly on the node is already possible in several places in the `Jenkinsfile`:

* https://github.com/apache/tvm/blob/main/Jenkinsfile#L97
* https://github.com/apache/tvm/blob/main/Jenkinsfile#L127
* https://github.com/apache/tvm/blob/main/Jenkinsfile#L167

So our security is relatively poor even today. We can mitigate risks by:

* ensuring every step is wrapped in a reasonable timeout
* getting rid of persistent nodes (workers) and using autoscaled nodes only
* requiring approval to run for first-time contributors (https://github.blog/2021-04-22-github-actions-update-helping-maintainers-combat-bad-actors/), though Jenkins may not easily support this
* making sure scripts run outside of docker are checked out from the target branch and not the PR branch for forked PRs (similar to how we manage the `Jenkinsfile` now). This would be troublesome for CI development for non-committers (i.e. me) but should lock down most of the vulnerability surface.

We could take this further and only rebuild docker images on branches, which would still make testing / updating easier without the risks.

---

[Visit Topic](https://discuss.tvm.apache.org/t/rfc-rebuild-docker-images-per-commit/12047/4) to respond.
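
The first mitigation in the post above (a timeout around every step) can be checked mechanically. The following is an added example, not part of the original post or the TVM repository: a scan that reports `sh` steps not enclosed in a `timeout(...) { ... }` block. The sample pipeline and the function name `unguarded_sh_steps` are constructed for illustration, and the scan is a regex heuristic, not a Groovy parser.

```python
import re

# Constructed sample pipeline (not taken from the TVM Jenkinsfile).
SAMPLE = '''
node('CPU') {
  stage('Prepare') {
    sh 'git clean -fdx'                      // not under a timeout
    timeout(time: 10, unit: 'MINUTES') {
      sh "./lint.sh"
    }
  }
  stage('Build') {
    timeout(time: 60, unit: 'MINUTES') {
      ws('build') { sh script: "echo '{' && make", label: 'build' }
    }
    sh(script: 'docker ps', returnStdout: true)  // not under a timeout
  }
}
'''

# String literals and comments, so braces or "sh" inside them are ignored.
TOKEN = re.compile(
    r'"""[\s\S]*?"""|' r"'''[\s\S]*?'''|"
    r'"(?:\\.|[^"\\\n])*"|' r"'(?:\\.|[^'\\\n])*'|"
    r'//[^\n]*|/\*[\s\S]*?\*/')
# Block openers/closers and sh steps, matched in source order.
SCAN = re.compile(
    r'(?P<to>(?<![\w.])timeout\s*\([^)]*\)\s*\{)|(?P<open>\{)|(?P<close>\})'
    r'|(?P<sh>(?<![\w.])sh(?:\s*\(|\s*""|\s+\w+\s*:))')

def _blank(m):
    # Strings become "", comments vanish; newlines are kept so that
    # reported line numbers still match the original file.
    keep = '\n' * m.group().count('\n')
    return ('""' if m.group()[0] in '"\'' else '') + keep

def unguarded_sh_steps(jenkinsfile_text):
    """Return 1-based line numbers of sh steps outside any timeout block."""
    clean = TOKEN.sub(_blank, jenkinsfile_text)
    stack, findings = [], []          # stack entry: True for a timeout block
    for m in SCAN.finditer(clean):
        if m.lastgroup in ('to', 'open'):
            stack.append(m.lastgroup == 'to')
        elif m.lastgroup == 'close':
            if stack:
                stack.pop()
        elif not any(stack):          # an sh step with no enclosing timeout
            findings.append(clean.count('\n', 0, m.start()) + 1)
    return findings

if __name__ == "__main__":
    print(unguarded_sh_steps(SAMPLE))
```

Only `sh` steps are checked here; a CI lint job could fail the build when the returned list is non-empty.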