I’ve been studying the docs on self-hosted Actions runners for an infrastructure automation topic. I would like to have the ability to restrict when a self-hosted runner can be used but still be able to use it in multiple repositories.
- being able to configure the runner with a list of accepted actions (reject a workflow that has any non-safelisted actions in
- being able to tell the runner to reject workflows that have steps with
The use case here is that runners could have higher privileges than a user with write access to a repo, and as an admin I would like to prevent users from running commands and actions which might be destructive.
Is this something already on the roadmap?
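An added example, not part of the original post and not a GitHub runner feature: a standalone gate that scans a workflow file and rejects any `uses:` reference that is not on an allowlist, plus `run:` steps unless explicitly permitted. The allowlist entries, the sample workflow and the function name `check_workflow` are assumptions; it is a line-based scan rather than a full YAML parser, so flow-style mappings are rejected instead of parsed.

```python
import re

# Constructed allowlist (sample values): each entry is an action pinned to a ref.
ALLOWED_ACTIONS = {"actions/checkout@v4", "actions/setup-python@v5"}

# Block-style "uses:" / "run:" keys, optionally quoted, optionally after "- ".
STEP_KEY = re.compile(r"""^\s*(?:-\s+)?["']?(uses|run)["']?\s*:\s*(.*)$""")
# Flow-style mappings ("- {uses: ...}") are not parsed here, so they are rejected.
FLOW_STYLE = re.compile(r"^\s*(?:-\s+)?\{")


def check_workflow(text, allowed=ALLOWED_ACTIONS, allow_run=False):
    """Return (line_number, reason) violations; an empty list means accepted."""
    violations = []
    for number, line in enumerate(text.splitlines(), 1):
        if FLOW_STYLE.match(line):
            violations.append((number, "flow-style mapping rejected (fail closed)"))
            continue
        match = STEP_KEY.match(line)
        if not match:
            continue
        key, value = match.groups()
        # Drop a trailing comment and surrounding quotes before comparing.
        value = value.split(" #")[0].strip().strip("'\"")
        if key == "run":
            if not allow_run:
                violations.append((number, "run step not permitted"))
        elif value not in allowed:
            violations.append((number, f"action not on allowlist: {value}"))
    return violations


# Constructed workflow file used as sample input.
SAMPLE = """\
name: deploy
on: push
jobs:
  build:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4  # pinned
      - name: third party
        uses: "example-org/unknown-action@main"
      - run: ./cleanup.sh
"""

if __name__ == "__main__":
    for number, reason in check_workflow(SAMPLE):
        print(f"line {number}: {reason}")
```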