![]() ![]() To verify that the previous authentication token has been revoked, use the Runners API. To reset the authentication token, unregister the runner An attacker could use the token to clone a runner. If you think that an authentication token for a runner was revealed, you should Register new runners, the tokens used in those tools should be updated to reflect the If you are using any tools to provision and ![]() After the page is refreshed, expand the Runners settings sectionĪnd check the registration token - it should be changed.įrom now on the old token is no longer valid and does not registerĪny new runners to the project.Find the Runner token form field and select Reveal value.Expand the General pipelines settings section.That new runner may then be used to obtain the values of secret variables or to clone project code. A registration token can be used to register another runner for the project. If you think that a registration token for a project was revealed, you should Reset the runner registration token for a project If shared runners are disabled on the forked project, then this should also be disabled on the new namespace.If shared runners are enabled on the forked project, then this should also be enabled on the new namespace.To work around this issue, ensure that the shared runner settings are consistent in the forked project and the new namespace. Of the forked project does not match the new project namespace, the following message displays:Īn error occurred while forking the project. If you have shared runnersĬonfigured for a project and a user forks that project, the shared runners serve jobs of this project.ĭue to a known issue, if the runner settings When a project is forked, the job settings related to jobs are copied. Find the runner you want to protect or unprotect.On the left sidebar, at the top, select Search GitLab ( ) to find your project.To prevent runners from revealing sensitive information: On protected branches, or jobs that have protected tags. To ensure runners don’t reveal sensitive information, you can configure them to only run jobs Prevent runners from revealing sensitive information For more information, see Security Considerations. Users with access to the runner token can use it to create a clone ofĪ runner and submit false jobs in a vector attack. ![]() On a shared runner can access another user’s code that runs on the runner. If certain executors run a job, the file system, the code the runner executes,Īnd the runner token may be exposed. This ensures that youĬontrol access to your GitLab instances and secure runner executors. Of shared runners on large GitLab instances. To avoid exposing sensitive information, you can restrict the usage The job, if running longer, times out after 30 minutes Protecting sensitive information.You set the maximum job timeout for a runner to 30 minutes.You remove the maximum job timeout configuration from a runnerĮxample 3 - Runner timeout smaller than project timeout.The job, if running longer, times out after 2 hoursĮxample 2 - Runner timeout not configured.You set the CI/CD Timeout for a project to 2 hours.You set the maximum job timeout for a runner to 24 hours.If notĭefined, the project’s job timeout settingĮxample 1 - Runner timeout bigger than project timeout Enter a value under Maximum job timeout.Select your project runner to edit the settings.In a project, go to Settings > CI/CD > Runners.On, you cannot override the job timeout for shared runners and must use the project defined timeout. This feature can be used to prevent your shared runner from being overwhelmedīy a project that has jobs with a long timeout (for example, one week). If smaller than the project defined timeout, takes precedence. Set maximum job timeout for a runnerįor each runner, you can specify a maximum job timeout. If you need to configure runners on the machine where you installed GitLab Runner, see If you have installed your own runners, you can configure and secure them in GitLab. Automatically rotate authentication tokens Configuring runners.Configure fastzip to improve performance. ![]() System calls not available on shared runners.Sync or exclude specific submodules from CI jobs.Configure runner behavior with variables.Use tags to run jobs on different platforms.Use tags to control which jobs a runner can run.Reset the runner registration token for a project.Using shared runners in forked projects.Prevent runners from revealing sensitive information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |